Kurt Schmid, our Managing Director Digital Payment, asked: “Merchant Tokenization and SRC – the next BUZZ words – how do these change eCommerce Payments?”.
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Digital Payments - Netcetera Innovation Summit 2018
1. Bernried, September 2018
Kurt Schmid, Managing Director Digital Payments
A small step for a programmer, a big step for payments
Merchant Tokenization & Secure
Remote Commerce
2. Questions
Who likes to enter PANs again and again
for every new merchant?
Who is worried of fraud on his/her
card?
Who knows all the places where your
card data is stored?
Why is Amazon so powerful?
2
4. When the PAN and other card data is known fraud
can be made with little efforts
The PAN and other card data therefore is in PCI-
Scope
The weakest link makes the level of security
Why Tokenization? What is the problem?
Securing the Card Number (PAN)
5. Key and surrounding roles
5
Token
Requestor
Token
Service
Provider
Card Issuer
Merchant
End User
PSPScheme
Acquirer
NSP
IoT
Device Wallet
(X Pay)
TR TSP
Issuer
TSP
9. Scaling Up Tokenization (2)
9
Token
Requestor
Token Service Provider Card Issuer
MDES, VTS, AETS
10. Scaling Up Tokenization (3)
10
Token
Requestor
Token
Service
Provider
Card Issuer
Aggregators
Token
Requestor
TSP
Card Issuer
TSP
11. Know Usage for Mobile Contactless Payment
11
Enabling an App to perform mobile contactless
payment at the POS
Request Tokens via MDES, VTS etc. for Cloud
Based Payments
NFC Interface to Terminals nbased on Host Card
Emulation (HCE)
Replenishment of short living card keys to
increase security (“SUK”, “LUK” instead of CMKs)
12. MyBankApp
Accounts 6,750.00
Recent Transactions
Ready to Pay
Tokenization in use for Mobile Contactless Payments
12
Token
Requestor
(CMS-D,
MAP)
Scheme
Token
Service
(MDES
VTS
AETS)
Card Issuer
authenticates
Encrypted PAN
PSP,
Acquirer
Network
AuthDeTok.
13. E-Commerce Payment
13
Enabling an e-Commerce
application for Payments
Card Not Present and 3DS
today’s prevailing
methods for checkout
14. Concerns in eComm Payments
14
Risk/Fraud through
different attacks
Low Conversion rates
on mobile channels
Abandonning the
checkout process
Higher costs for CNP
versus CP
Merchant concerns Issuer concerns
Risk/Fraud through
different attacks
Cost of customer care
Lost transactional
Revenue
Consumer concerns
Ease of onboarding
Convience at shopping
15. Why not use Tokenization in e-Commerce?
Each merchant does not store the PAN but a
token
Security will be Card Present like by using a
cryptogram
15
The basic Ideas:
Mastercard started M4M (MDES for
Merchants)
VISA speaking about Tokenizazion in
eCommerce and Card of File (COF)
16. Tokenization in use for e-Commerce Payments
16
Token
Requestor
(CMS-D,
MAP)
Scheme
Token
Service
(MDES
VTS
AETS)
Card Issuer
PSP,
Acquirer
Network
AuthDeTok.
COF
PAN Entry
17. Use Cases
Enroll: Add card manually or tokenize from card of file
Display cards: Card art coming from token service (User
sees his real card image)
Transact: Generate EMV cryptogram (can be used for one
or more transactions)
Lifecycle: Issuer Account Update
19. Secure Remote Commerce Framework (“SRC”)
Defined by EMVCo ( /)
Scheme agnostic to help interoperability
Pay securely by credit card” button in checkout
Will be scheme neutral successor of MasterPass & Visa Checkout starting 2019 / 2020
Will support card tokenization using MDES and VTS
Will support card present type security (“cryptograms”)
Demonstrator available from Netcetera, Training courses will be available
20. Roles used in SRC
20
Token
Requestor
Token
Service
Provider
(Scheme)
Card Issuer
Supporting
SRC
SRC System
Digital Card
Facilitator
Digital
Shopping
Application
(aka
Merchant)
PSP
SRC
Inititator
23. Benefits
Seamless experience – Starts with card entry
like user is used to do
No onboarding required – but device /
merchant pairing possible from issuer app
Works with all schemes in the same way
Tokenization and EMV-like security will
prevent fraud and lower the costs
24. As Issuer
As Merchant
As PSP
As Acquirer
How to approach this?
Ask for a training
on SRC done by
our expert
Thomas Fromherz